proxy_ssl_verify error: 'upstream SSL certificate does not match "test.example.com" while SSL handshaking to upstream', for CN/SAN 'matched' client & server certs ?
PGNet Dev
pgnet.dev at gmail.com
Tue Jun 2 04:58:26 UTC 2020
with patch applied, and 'proxy_ssl_server_name on;'
this is where the problem appears
2020/06/02 00:50:08 [debug] 20166#20166: *3 verify:1, error:0, depth:2, subject:"/O=example.com/OU=example.com_CA/L=New_York/ST=NY/C=US/emailAddress=admin at example.com/CN=example.com_CA", issuer:"/O=example.com/OU=example.com_CA/L=New_York/ST=NY/C=US/emailAddress=admin at example.com/CN=example.com_CA"
2020/06/02 00:50:08 [debug] 20166#20166: *3 verify:1, error:0, depth:1, subject:"/C=US/ST=NY/O=example.com/OU=example.com_CA/CN=example.com_CA_INTERMEDIATE/emailAddress=admin at example.com", issuer:"/O=example.com/OU=example.com_CA/L=New_York/ST=NY/C=US/emailAddress=admin at example.com/CN=example.com_CA"
2020/06/02 00:50:08 [debug] 20166#20166: *3 verify:1, error:0, depth:0, subject:"/C=US/ST=NY/L=New_York/O=example.com/OU=example.com_CA/CN=test.example.net/emailAddress=admin at example.com", issuer:"/C=US/ST=NY/O=example.com/OU=example.com_CA/CN=example.com_CA_INTERMEDIATE/emailAddress=admin at example.com"
2020/06/02 00:50:08 [debug] 20166#20166: *3 ssl new session: 0E2A0672:32:1105
2020/06/02 00:50:08 [debug] 20166#20166: *3 ssl new session: 31C878D7:32:1104
2020/06/02 00:50:08 [debug] 20166#20166: *3 SSL_do_handshake: 1
2020/06/02 00:50:08 [debug] 20166#20166: *3 SSL: TLSv1.3, cipher: "TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD"
2020/06/02 00:50:08 [debug] 20166#20166: *3 reusable connection: 1
2020/06/02 00:50:08 [debug] 20166#20166: *3 http wait request handler
2020/06/02 00:50:08 [debug] 20166#20166: *3 malloc: 0000555967A0B2E0:1024
2020/06/02 00:50:08 [debug] 20166#20166: *3 SSL_read: 772
2020/06/02 00:50:08 [debug] 20166#20166: *3 SSL_read: -1
2020/06/02 00:50:08 [debug] 20166#20166: *3 SSL_get_error: 2
2020/06/02 00:50:08 [debug] 20166#20166: *3 reusable connection: 0
2020/06/02 00:50:08 [debug] 20166#20166: *3 posix_memalign: 00005559678F6460:4096 @16
2020/06/02 00:50:08 [debug] 20166#20166: *3 posix_memalign: 00005559675113A0:4096 @16
2020/06/02 00:50:08 [debug] 20166#20166: *3 http process request line
2020/06/02 00:50:08 [debug] 20166#20166: *3 http request line: "GET /app1 HTTP/1.1"
2020/06/02 00:50:08 [debug] 20166#20166: *3 http uri: "/app1"
2020/06/02 00:50:08 [debug] 20166#20166: *3 http args: ""
2020/06/02 00:50:08 [debug] 20166#20166: *3 http exten: ""
2020/06/02 00:50:08 [debug] 20166#20166: *3 http process request header line
2020/06/02 00:50:08 [info] 20166#20166: *3 client attempted to request the server name different from the one that was negotiated while reading client request headers, client: 127.0.0.1, server: test.example.net, request: "GET /app1 HTTP/1.1", host: "example.net"
2020/06/02 00:50:08 [debug] 20166#20166: *3 http finalize request: 421, "/app1?" a:1, c:1
2020/06/02 00:50:08 [debug] 20166#20166: *3 event timer del: 50: 3334703
2020/06/02 00:50:08 [debug] 20166#20166: *3 http special response: 421, "/app1?"
2020/06/02 00:50:08 [debug] 20166#20166: *3 http set discard body
2020/06/02 00:50:08 [debug] 20166#20166: *3 headers more header filter, uri "/app1"
2020/06/02 00:50:08 [debug] 20166#20166: *3 lua capture header filter, uri "/app1"
2020/06/02 00:50:08 [debug] 20166#20166: *3 xslt filter header
2020/06/02 00:50:08 [debug] 20166#20166: *3 charset: "" > "utf-8"
2020/06/02 00:50:08 [debug] 20166#20166: *3 HTTP/1.1 421 Misdirected Request
noting
2020/06/02 00:50:08 [info] 20166#20166: *3 client attempted to request the server name different from the one that was negotiated while reading client request headers, client: 127.0.0.1, server: test.example.net, request: "GET /app1 HTTP/1.1", host: "example.net"
now, need to stare at this and try to figure out 'why?'
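An added triage example, not part of the original post: it groups nginx debug-log lines by connection id and reports the depth:0 peer certificate CN, the TLS-negotiated server name, the Host header and the final status, which separates a 421 Host/SNI mismatch from a certificate verification failure. The sample lines are shortened copies of the log lines above; the function and field names are this example's own.

```python
import re
from collections import defaultdict

# Shortened copies of log lines from the post (certificate subjects trimmed).
SAMPLE_LOG = '''\
2020/06/02 00:50:08 [debug] 20166#20166: *3 verify:1, error:0, depth:1, subject:"/O=example.com/CN=example.com_CA_INTERMEDIATE", issuer:"/O=example.com/CN=example.com_CA"
2020/06/02 00:50:08 [debug] 20166#20166: *3 verify:1, error:0, depth:0, subject:"/O=example.com/CN=test.example.net/emailAddress=admin at example.com", issuer:"/O=example.com/CN=example.com_CA_INTERMEDIATE"
2020/06/02 00:50:08 [debug] 20166#20166: *3 SSL_do_handshake: 1
2020/06/02 00:50:08 [info] 20166#20166: *3 client attempted to request the server name different from the one that was negotiated while reading client request headers, client: 127.0.0.1, server: test.example.net, request: "GET /app1 HTTP/1.1", host: "example.net"
2020/06/02 00:50:08 [debug] 20166#20166: *3 http finalize request: 421, "/app1?" a:1, c:1
'''

# "<date> <time> [level] pid#tid: *conn message"
PREFIX = re.compile(r'^\S+ \S+ \[(\w+)\] \d+#\d+: \*(\d+) (.*)$')
LEAF = re.compile(r'verify:(\d), error:(\d+), depth:0, subject:"([^"]*)"')
MISMATCH = re.compile(r'server name different from the one that was negotiated.*'
                      r'server: ([^,]+), request: "[^"]*", host: "([^"]*)"')
STATUS = re.compile(r'http finalize request: (\d+),')

def summarize(log_text):
    """Return {connection_id: facts} collected from nginx error-log lines."""
    conns = defaultdict(dict)
    for line in log_text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue
        facts, msg = conns[int(m.group(2))], m.group(3)
        if (v := LEAF.search(msg)):
            cn = re.search(r'/CN=([^/"]+)', v.group(3))
            facts['peer_cn'] = cn.group(1) if cn else None
            facts['verify_ok'] = v.group(1) == '1' and v.group(2) == '0'
        elif (s := MISMATCH.search(msg)):
            facts['negotiated'], facts['host'] = s.group(1), s.group(2)
        elif (f := STATUS.search(msg)):
            facts['status'] = int(f.group(1))
    return dict(conns)

def misdirected(conns):
    """Connection ids that ended in 421 with Host differing from the negotiated name."""
    return [cid for cid, c in conns.items()
            if c.get('status') == 421 and c.get('host') != c.get('negotiated')]

if __name__ == '__main__':
    for cid, facts in summarize(SAMPLE_LOG).items():
        print(cid, facts)
```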